36.9% of all emails received by businesses (20.5 billion) in 2024 were unwanted, according to Hornetsecurity’s analysis of 55.6+ billion emails processed through their security services between November 1, 2023 and October 31, 2024 – and 2.3% of those contained malicious content, totalling 427.8 million emails.
Once again, phishing remains the most prevalent form of attack, responsible for a third of all cyber-attacks in 2024. This was confirmed by the analysis of 55.6 billion emails, showing that phishing remains a top concern consistently year over year. Malicious URLs and advanced fee scams were responsible for 22.7% and 6.4% respectively.
“These findings highlight both progress and new challenges in the fight against cyber threats. While it’s encouraging to see some consistency in attack methods, for defensive purposes, the shift toward more targeted social engineering tactics means businesses must stay vigilant,” said Daniel Hofmann, CEO of Hornetsecurity.
“With over 427 million malicious emails still reaching inboxes, it’s clear that cybersecurity strategies must evolve to stay ahead of increasingly sophisticated threats. This data underscores the need for stronger email security coupled with user awareness to keep organizations safe,” added Hofmann.
Rise in reverse-proxy credential theft
Nearly every malicious file type saw a decrease compared to last year. However, HTML files (20.4%), PDFs (19.2%), and Archive (17.6%) files remain in the top three spots in a continuation from 2023.
The data shows a decrease in the use of malicious attachments, this is due to a rise in reverse-proxy credential theft attacks over the past year, which use social engineering and malicious links (not attachments) to trick users. These attacks redirect users to fake login pages that capture credentials in real-time, even bypassing two-factor authentication.
Malicious URLs are the second most common type of attack, making up 22.7% of all attacks. Their use surged in 2023 and continues to grow as attackers use them in credential-stealing attempts. Tools such as Evilginx allow attackers to set up fake login pages to trick users into entering their credentials, which are then captured.
Mastercard and Netflix see spike in phishing attempts
Due to the net decline in attacks, the threat index for nearly every industry dropped during the data period compared to 2023. However, the data continues to show that every industry is under attack – with mining, entertainment, and manufacturing being the most targeted for ransomware attacks and double-extortion scams.
Shipping brands, such as DHL and FedEx, are the most impersonated brands online. Cyber attackers are targeting customers through phishing scams that boast a high degree of similarity to real communications from these organisations. DocuSign and Facebook also both saw more than double the amount of impersonation attempts compared to 2023, while Mastercard and Netflix both saw notable increases as well.
“In 2025, organizations must prioritise basic security practices and embrace a zero-trust mindset to tackle vulnerabilities head-on and foster a strong security culture. Building a well-defended business isn’t possible without engaging everyone—helping them understand how cybersecurity impacts them personally and why their role is essential to keeping threats at bay,” concluded Hofmann.